Closed Bug 15769 Opened 25 years ago Closed 25 years ago

[BLOCKER][CRASHER][TESTCASE] Having <select></select> without options inside crash application.

Categories

(Core :: Layout: Form Controls, defect, P1)

x86
All
defect

VERIFIED FIXED

People

(Reporter: desale, Assigned: pollmann)

Attachments

(1 file)

Having <select></select> without options inside crashes the application real hard.

BUILDS: 10-06-19 [M10][Apprunner/Viewer]

STEPS TO REPRODUCE:
1] Please copy the code I'm providing. Save it as an HTML file.
2] Open this HTML file with apprunner as well as viewer.

EXPECTED RESULTS:
Application should simply load the page.

ACTUAL RESULTS:
Application crashes.

DESCRIPTION:
The application is crashing because of an empty select list in the HTML code.
We can have an empty select list because we can expect cgi to fill this select
depending on the data coming from cgi.
Having
<select>
</select>
in the HTML code crashes the application.
On the other hand, if we put an option inside the select list then it does not crash.
If we use
<select>
<option>opt1</option>
</select>
then it does not crash.
So having an empty select is crashing the application.

CODE:

<html>
<head>
<title>Tester.html</title>
</head>
<body>
<form name="workform" >
<select>
</select>
</form>
</body>
</html>

END OF CODE:

STACK REPORT
Incident ID: 14133930
Trigger Type:  Program Crash
Trigger Reason:  Access violation


Call Stack:    (Signature = nsListControlFrame::DisplaySelected 4708ac3c)

nsListControlFrame::DisplaySelected
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line 545]

nsListControlFrame::SetContentSelected
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line 1220]

nsListControlFrame::Reset
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line 1339]

nsListControlFrame::Init
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line 981]

nsCSSFrameConstructor::InitializeScrollFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4038]

nsCSSFrameConstructor::ConstructSelectFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 2950]

nsCSSFrameConstructor::ConstructFrameByTag
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 3060]

nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4869]

nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 7987]

nsCSSFrameConstructor::ConstructFrameByTag
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 3153]

nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4869]

nsCSSFrameConstructor::ContentAppended
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 5417]

StyleSetImpl::ContentAppended
[d:\builds\seamonkey\mozilla\layout\base\src\nsStyleSet.cpp, line 864]

PresShell::ContentAppended
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 1724]

nsDocument::ContentAppended
[d:\builds\seamonkey\mozilla\layout\base\src\nsDocument.cpp, line 1575]

nsHTMLDocument::ContentAppended
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLDocument.cpp, line 1044]

HTMLContentSink::NotifyBody
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp, line 276]

HTMLContentSink::WillInterrupt
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp, line 1770]

CNavDTD::WillInterruptParse
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 3116]

nsParser::ResumeParse
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 958]

nsParser::OnDataAvailable
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 1340]

nsDocumentBindInfo::OnDataAvailable
[d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1372]

nsChannelListener::OnDataAvailable
[d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1613]

nsHTTPResponseListener::OnDataAvailable
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cpp, line 195]

nsOnDataAvailableEvent::HandleEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 359]

nsStreamListenerEvent::HandlePLEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 153]

PL_HandleEvent
[plevent.c, line 542]

PL_ProcessPendingEvents
[plevent.c, line 501]

_md_EventReceiverProc
[plevent.c, line 974]

KERNEL32.DLL + 0x35d9 (0xbff735d9)

KERNEL32.DLL + 0x2222f (0xbff9222f)

0x00638bec
Priority: P3 → P1
QA Contact: cpratt → desale
Summary: [CRASHER][TESTCASE] Having <select></select> without options inside crash application. → [BLOCKER][CRASHER][TESTCASE] Having <select></select> without options inside crash application.
Changing priority to P1 and QA contact to myself. Pratt, is it okay if I keep
QA contact?
Assignee: karnaze → rods
Severity: normal → blocker
Reassigning to Rod.
Target Milestone: M11
Setting to M11.
I fixed this a while ago. This works for me, although I was mucking about in the
select code and just did a check in. This test is in test8 in the viewer and
apprunner. test8 has been working for quite some time. Please repull or wait until
tomorrow and test it then after verifications.

Tomorrow I will mark as works for me.
I'm not seeing a "crash", but I see a couple of asserts because of this check:
  if (mSelectionCacheLength != length) {
    NS_ASSERTION(0,"nsListControlFrame: Cache sync'd with content!\n");
when adding items to a list in JavaScript. I notice that if there are no items
added, there is an "X" that appears as a single list item -- so the above
check fails since mSelectionCacheLength = 0 but length = 1 (for the "X")
Stack:
nsListControlFrame::UpdateSelection(nsListControlFrame * const 0x02e52524, int 0, nsIContent * 0x02e326d0) line 1724 + 35 bytes
nsComboboxControlFrame::UpdateSelection(nsComboboxControlFrame * const 0x02e52884, int 0, int 1, int -1) line 986
Assignee: rods → pollmann
The asserts are in Eric P.'s new code and this then needs to be assigned to him.
The "X" shouldn't be appearing. If it is it is because the visibility (shown
below) is incorrectly set to collapse instead of hidden. It should be hidden
now.

select:-moz-dummy-option {
  visibility: hidden;
  content: "X";
  /*display: block;*/
}

Assigning to Eric to check for the problem with the asserts.
*** Bug 16062 has been marked as a duplicate of this bug. ***
Status: NEW → ASSIGNED
This crash has been fixed in M11.  I'll look into those asserts.  Charlie, do
you have a testcase that will reproduce them?
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
I'm now resizing the cache eagerly when an option is added or removed.  This got
rid of the assert I was able to reproduce.

To verify, browse to the attachment I'm about to make.  Click on the
RemoveOption button.  You should not see any warnings printed out to the
terminal.
Attached file Test Case
Status: RESOLVED → VERIFIED
Marking verified.
*** Bug 17355 has been marked as a duplicate of this bug. ***
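
The two invariants discussed in this thread, as an added C++ sketch that is not Mozilla's code: a reset on an empty option list must select nothing, and the selection cache is resized eagerly on every add or remove so its length always equals the option count. The class and member names are hypothetical, and the page does not show the actual faulting code in nsListControlFrame, so the empty-list guard is an assumed form of the fix.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical model: `options` stands in for the <select> content and
// `selectedCache` for the per-option selection cache. Not Mozilla's names.
class ListControl {
public:
  void AddOption(const std::string& text) {
    options.push_back(text);
    selectedCache.resize(options.size(), false);  // eager resize on add
  }
  bool RemoveOption(std::size_t index) {
    if (index >= options.size()) return false;    // reject stale index
    options.erase(options.begin() + index);
    selectedCache.erase(selectedCache.begin() + index);  // eager resize on remove
    if (selectedIndex == (long)index) selectedIndex = -1;
    else if (selectedIndex > (long)index) --selectedIndex;
    return true;
  }
  // Run at frame init: select the first option if there is one.
  // An empty <select> is a valid state and must leave nothing selected.
  void Reset() {
    selectedCache.assign(options.size(), false);
    selectedIndex = options.empty() ? -1 : 0;
    if (selectedIndex >= 0) selectedCache[0] = true;
  }
  bool SetSelected(long index) {
    if (index < 0 || (std::size_t)index >= options.size()) return false;
    if (selectedIndex >= 0) selectedCache[selectedIndex] = false;
    selectedCache[index] = true;
    selectedIndex = index;
    return true;
  }
  bool CacheInSync() const { return selectedCache.size() == options.size(); }
  long SelectedIndex() const { return selectedIndex; }
private:
  std::vector<std::string> options;
  std::vector<bool> selectedCache;
  long selectedIndex = -1;
};

int main() {
  ListControl empty; empty.Reset();            // models <select></select>
  ListControl one; one.AddOption("opt1"); one.Reset(); one.RemoveOption(0);
  std::printf("%ld %ld %d\n", empty.SelectedIndex(), one.SelectedIndex(), one.CacheInSync());
  return 0;
}
```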